java.lang.Object
org.elasticsearch.common.ssl.KeyStoreUtil
A variety of utility methods for working with or constructing KeyStore instances.

Nested Class Summary
Nested Classes

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static KeyStore | buildKeyStore(Collection<Certificate> certificateChain, PrivateKey privateKey, char[] password) | Construct an in-memory keystore with a single key entry. |
| static KeyStore | buildTrustStore(Iterable<Certificate> certificates) | Construct an in-memory keystore with multiple trusted cert entries. |
| static KeyStore | buildTrustStore(Iterable<Certificate> certificates, String type) | |
| static X509ExtendedKeyManager | createKeyManager(Certificate[] certificateChain, PrivateKey privateKey, char[] password) | Returns an X509ExtendedKeyManager that is built from the provided private key and certificate chain. |
| static X509ExtendedKeyManager | createKeyManager(KeyStore keyStore, char[] password, String algorithm) | Creates an X509ExtendedKeyManager based on the key material in the provided KeyStore. |
| static X509ExtendedTrustManager | createTrustManager(KeyStore trustStore, String algorithm) | Creates an X509ExtendedTrustManager based on the trust material in the provided KeyStore. |
| static X509ExtendedTrustManager | createTrustManager(Collection<Certificate> certificates) | Creates an X509ExtendedTrustManager based on the provided certificates. |
| static KeyStore | filter(KeyStore store, Predicate<KeyStoreUtil.KeyStoreEntry> filter) | Filters a keystore using a predicate. |
| static String | inferKeyStoreType(String path) | Make a best guess about the "type" (see KeyStore.getType()) of the keystore file located at the given Path. |
| static KeyStore | readKeyStore(Path path, String ksType, char[] password) | Read the given keystore file. |
| static Stream<KeyStoreUtil.KeyStoreEntry> | stream(KeyStore keyStore, Function<GeneralSecurityException, ? extends RuntimeException> exceptionHandler) | |

Method Details
inferKeyStoreType
Make a best guess about the "type" (see KeyStore.getType()) of the keystore file located at the given Path. This method only references the file name of the keystore; it does not look at its contents.

readKeyStore
public static KeyStore readKeyStore(Path path, String ksType, char[] password) throws GeneralSecurityException, IOException
Read the given keystore file.
Throws:
SslConfigException - If there is a problem reading from the provided path
GeneralSecurityException - If there is a problem with the keystore contents
IOException

buildKeyStore
public static KeyStore buildKeyStore(Collection<Certificate> certificateChain, PrivateKey privateKey, char[] password) throws GeneralSecurityException
Construct an in-memory keystore with a single key entry.
Parameters:
certificateChain - A certificate chain (ordered from subject to issuer)
privateKey - The private key that corresponds to the subject certificate (index 0 of certificateChain)
password - The password for the private key
Throws:
GeneralSecurityException - If there is a problem with the provided certificates/key

filter
Filters a keystore using a predicate. The provided keystore is modified in place.

buildTrustStore
public static KeyStore buildTrustStore(Iterable<Certificate> certificates) throws GeneralSecurityException
Construct an in-memory keystore with multiple trusted cert entries.
Parameters:
certificates - The root certificates to trust
Throws:
GeneralSecurityException

buildTrustStore
public static KeyStore buildTrustStore(Iterable<Certificate> certificates, String type) throws GeneralSecurityException
Throws:
GeneralSecurityException

createKeyManager
public static X509ExtendedKeyManager createKeyManager(Certificate[] certificateChain, PrivateKey privateKey, char[] password) throws GeneralSecurityException, IOException
Returns an X509ExtendedKeyManager that is built from the provided private key and certificate chain.
Throws:
GeneralSecurityException
IOException

createKeyManager
public static X509ExtendedKeyManager createKeyManager(KeyStore keyStore, char[] password, String algorithm) throws GeneralSecurityException
Creates an X509ExtendedKeyManager based on the key material in the provided KeyStore.
Throws:
GeneralSecurityException

createTrustManager
public static X509ExtendedTrustManager createTrustManager(@Nullable KeyStore trustStore, String algorithm) throws NoSuchAlgorithmException, KeyStoreException
Creates an X509ExtendedTrustManager based on the trust material in the provided KeyStore.

createTrustManager
public static X509ExtendedTrustManager createTrustManager(Collection<Certificate> certificates) throws GeneralSecurityException
Creates an X509ExtendedTrustManager based on the provided certificates.
Parameters:
certificates - the certificates to trust
Returns:
a trust manager that trusts the provided certificates
Throws:
GeneralSecurityException

stream
public static Stream<KeyStoreUtil.KeyStoreEntry> stream(KeyStore keyStore, Function<GeneralSecurityException, ? extends RuntimeException> exceptionHandler)